Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Diebold Disks May Have Been For Testers

Posted by Zonk on Sun Oct 22, 2006 10:28 PM
from the concientious-tester dept.
Government Software Politics
opencity writes "The Washington Post reports on the two Diebold source disks that were anonymously sent to a Maryland election official this past week. Further investigation has lead individuals involved to believe the disks came from a security check demanded by the Maryland legislature sometime in 2003." From the article: "Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote."
+ -
story

Related Stories

[+] IT: Opening Diebold Source, the Hard Way 299 comments
Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Diebold Disks May Have Been For Testers 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Can't do much with these disks (Score:5, Funny)

    by Anonymous Coward on Sunday October 22 2006, @10:37PM (#16541660)
    Can't play on ranked servers without a cd key and the gameplay itself is more boring than WoW. I'll stick with BF2.

    • Re:Can't do much with these disks (Score:5, Funny)

      by TubeSteak (669689) on Sunday October 22 2006, @11:19PM (#16541964) Journal
      Now that's now fair.
      It's still great fun over the LAN!!

      Getting a bunch of friends together to suborn the vote is always a good time ;-)
    • Can't play on ranked servers without a cd key and the gameplay itself is more boring than WoW. I'll stick with BF2.


      And, frankly, the AI is horribly unrealistic. All the little guys that you tell to cast votes... Most of them just ignore you. It's like they don't even notice you, or anything going on. And, the guys being voted for are like crazy over the top cartoon villains. Whoever made this game is obviously a moron, and has no understanding of a decent plot.

      Actually, on a more serious note... I haven't been able to find a torrent. This shit is pretty fucking fundamental to our democracy, and when it finally gets 'leaked,' it manages to stay buttoned up? Seriously, do we know anything about the source? Does anybody have a torrent, or at least asn assessment from somebody qualified to be frightened by looking at it? As far as I'm concerned, every citizen of the US not only should have the right to see the mechanics of demacracy, but an obligation to do so. Anybody who doesn't try to get ahold of the source code running their local voting machines should be considered grossly negligent.

  • If the attackers can use the source to attack it (Score:5, Insightful)

    by strider44 (650833) on Sunday October 22 2006, @10:38PM (#16541664)
    If the attackers can use the source code to attack the machines then the machines aren't secure and probably wouldn't withstand an attack from someone who had access to the machine even without source code.

    Having numerous copies floating around is a good thing if disclosure of security holes is encouraged, and the fact that Diabold are implying that the security of their systems rely on people not having access to the source code is a very bad thing.

    Lets look at things logically. The only people who would rig the election using those machines would have to have physical access to the machines, and if they did they wouldn't need the source code to highlight security holes. If the source code was released then the people who would be advantaged would be the people who would responsibly disclose security holes.
    • What is funny is that no one has commented on the real story here - Diebold sent a copy of the source code for a security audit, as requested. Maryland's security team then leaked the code to external people and used the incident to claim that Diebold's security is awful...

      The real lesson here is the lengths some politicians will go to so that they appear "right".

      (OK, and Diebold also has security issues - but that is a side issue, everyone has security issues. These are the guys making ATMs, for goodness sake. A voting machine that is as secure as an ATM is probably good enough. You can't stop human fraud via a machine - humans win every time.)
      • "A voting machine that is as secure as an ATM is probably good enough."

        Wasn't it just a few weeks ago people were finding the passwords for ATMs 'hidden' right there on the net with instructions on how to reprogram them from the front pannel so that it thought the 20s slot was actually dispensing $5s???

        If this is the security we can expect...well, I just hope my side finds the password list before the other side. Those bastards are slimy cut and run warmongers who want to stay the course of flipflopping.
      • "These are the guys making ATMs, for goodness sake. A voting machine that is as secure as an ATM is probably good enough."

        If the system were as secure as an ATM network I would have to agree. An ATM gives you a bit of paper to prove the transaction took place and are fully auditable by the bank, the voting machines in question do not give a receipt and do not leave an audit trail. The fact that diebold also makes ATM's indicates nothing less than malice in the design of such a piss poor security scheme for their voting machines.

      • Re:If the attackers can use the source to attack i (Score:5, Insightful)

        by jx100 (453615) on Sunday October 22 2006, @11:36PM (#16542104)
        I'd argue that the source code for voting machine should be made public in any circumstance. There is *no* reason to keep any part of the counting process secret. If there are exploitable holes in this process, that means the *process* is at fault, and should be redone until there are no holes.
      • >A voting machine that is as secure as an ATM is probably good enough.

        That's not what we're getting, as the research and disclosures have made painfully clear.

        In any case, Diebold has had some trouble with ATMs, including the ATM reprogrammed as a jukebox [thetartan.org] and the ATMs infected by a virus [windowsfordevices.com].

        Voting machines are a harder and more safety-critical application than ATMs. Voting machines have to preseve anonymity. Imagine how that would complicate banking. Then, the worst case failure of an ATM is that some money changes hands inappropriately and laywers earn lots of money sorting it out. The worst case failure of a voting system is an election lost to fraud, meaning the victors are the crooks. The damage is potentially incalculable: think of the nations ruined by having the wrong leaders.

  • Stupid (Score:5, Insightful)

    by SatanicPuppy (611928) * <Satanicpuppy.gmail@com> on Sunday October 22 2006, @10:40PM (#16541692) Journal
    If the software was well designed, this wouldn't matter at all. I mean it should be clean and simple, and secure. All incoming data should be validated, all data should be stored, and a mile wide system audit trail should be created at the same time. Then, spit out the paper version with a transaction # so you can run it right back against the system.

    Instead, I bet it's a pile of shit. Recycled code, buffer vulnerabilities, piles of ad hoc crap, with poor documentation.

    I hope someone does find a way to exploit the code. People need to wake the hell up.

  • What's the problem again? (Score:5, Insightful)

    by arth1 (260657) on Sunday October 22 2006, @10:41PM (#16541702) Homepage Journal
    Forgive if if I misunderstood, but shouldn't Linda Schade be happy that there's copies of the software available for public scrutiny instead of complaining about it? If she's really concerned with the security of electronic voting, surely she would be in favour of the software being verifiable?

    If I didn't misunderstand, someone in D.C. should give this lady a call and explain to her the pitfalls of "security through obscurity" and why openness is a Good Thing.

    • Conspiracy theory (Score:5, Funny)

      by sshore (50665) on Sunday October 22 2006, @11:04PM (#16541854)
      Perhaps she's concerned about the give_election_to_highest_bidder() function being discovered..

    • Re:What's the problem again? (Score:5, Insightful)

      by TapeCutter (624760) on Sunday October 22 2006, @11:22PM (#16541984) Journal
      "Security through obscurity" is diebold's methodology, by obtaining a set of original disks she has exposed a hole in their security and demonstrated the weakness in their methods. Diebold by their actions have basically admitted they belive their code is vunerable to "hackers", that "admission" alone should disqualify paperless voting machines.

      In other words: If diebold can't manage to secure their source code from theft then how the fuck can they be trusted to secure your vote from theft.

  • Copyright vs. election security (Score:5, Insightful)

    by Dirtside (91468) on Sunday October 22 2006, @10:48PM (#16541756) Homepage Journal
    Diebold whines about how the source code to their voting software is secret and copyrighted and blah blah... but you know what? Accurate democratic elections easily outweigh the need of any company providing voting software to keep their software secret. The government ought to be hiring a software company on contract to provide the service of writing voting software, not buying a product from them.

    This is assuming, of course, that there's any overall benefit to digital voting in the first place, which there really isn't. Digital elections are a terrible idea -- stick with paper. Oh no! We'll have to wait a few more hours to have complete results! Big fucking deal.

  • These are the disks we returned to the state (Score:5, Informative)

    by Anonymous Coward on Sunday October 22 2006, @10:49PM (#16541770)
    I was one of the RABA testers. We discussed this today and we returned the disks to the testers. The leaks came from Linda Lamone's OWN OFFICE!

  • Security doesn't matter if the machines are rigged (Score:5, Insightful)

    by Anonymous Coward on Sunday October 22 2006, @10:59PM (#16541818)
    Just before the 2002 election, a secret "patch" was distributed by order of the president of Diebold without the knowledge of election officials, according to several whistleblowers. You know, the guy who promised to "deliver [Ohio's] votes to the President".

    Who gives a fuck if J0e Hax0r can compromise a voting machine when secret code can be installed on thousands, if not all, of the voting machines at the last minute with absolutely no oversight and nobody knowing about it? Voting, to borrow from one of the current "President's" minions, is a "quaint" and outdated practice.
  • You, the voter, need to physically move your verified ticket into a box under the watchful eye of the election judge. This MUST NOT be done by machine, unless the machine also does it in an easily visible fashion under the watchful eye of an election judge - which is simply not what's going on.

    I early voted on a Diebold voter verified machine - and it's NOT good enough. I even had a nice conversation with the technical election judge, and since it did print a verified trail I did have to go home and think about this before I realized how it sucked.

    They totally and complete circumvented the idea of a voter verified paper trail.

    The way this machine works is you vote, it prints, you can see-but-not-touch the printout. You can vote AGAIN (up to 3 times) and it voids the previous printouts. Again, without you touching them. Which means the process expects that some percentage of its paper trail will be voided. The printouts get sent into some magic compartment.

    So 1) there's no way except by noise for the election monitors to know if it printed a variety of extra votes. And they were pretty quiet.

    2) There's absolutely zero way to know if it went back and voided your vote, because there's plenty of precedent for voiding votes.

    3) It can absolutely tell via paper alone who voted in which order; it's on a spool. Which could be easily tracked by anyone who watched what order people voted at that machine. Your votes are even less anonymous.

    *sigh*

    (Ok, so I posted this on the previous Diebold story - sue me. It's important, so I reposted it, Karma be damned.)

  • Not 1337 h4x0rs! (Score:5, Insightful)

    by QuantumFTL (197300) <justin@wick.gmail@com> on Sunday October 22 2006, @11:45PM (#16542174) Homepage
    Never attribute to malice that which is adequately explained by stupidity.

    • Re:So why did we move to electronic voting again? (Score:5, Insightful)

      by fdiskne1 (219834) on Sunday October 22 2006, @11:12PM (#16541904)

      and the voter gets a carbon copy of the paper

      You had me up until that part. The voter should be able to SEE the paper copy and verify it is accurate without being able to touch it. It is then whisked away, dropped down, or whatever onto a roll, stack or whatever so poll workers have a way to verify the machine counts with paper counts. If they are given receipts, this would provide proof they voted a certain way. Voters should not be given a copy since this opens the door to people being paid or intimidated to vote a certain way. Other than that point, I agree with your post.

      • Re:New tag (Score:5, Funny)

        by LordEd (840443) on Sunday October 22 2006, @11:16PM (#16541934)
        In other news, slashdot search queries for "wretchedhiveofscumandvillainy" increases dramatically.

      • Re:New tag (Score:5, Insightful)

        by pilkul (667659) on Sunday October 22 2006, @11:45PM (#16542170)
        Who cares? The actual way tags ended up being used is a lot more in the Slashdot spirit. I, for one, like having one-word snarky commentary right below every story.

      • Re:New tag (Score:5, Interesting)

        by grasshoppa (657393) <{gro.oc-onpt} {ta} {ydenneks}> on Sunday October 22 2006, @11:55PM (#16542208) Homepage
        While tagging in general is an interesting idea, you have to understand that the combination of semi-anonymous tagging + your average internet idiot will completely ruin any hopes for a tagging system that does what you specify.

        Instead, the editors who post the story should be tagging it appropriately. As well as that, there should be a common set of tags that can be voted on for each story ( dupe, inaccurate, comfirmed, ect.. ), with the voting be weighed by user.

        And even that is subject to errors, but it'd be more accurate.
      • Except that, because me and others find this amusing, "wretchedhiveofscumandvillany" will be able to be used to search for articles concerning government corruption (among, I imagine, other things). As for your argument about it gummming up the works, that would be true if each article had a limited number of tags that it could have. But it doesn't. So if you have a tag you like better, stick it on. Don't you just love how the tagging system really works?

        Oh, and I wasted my mod points so I could tell you how people with senses of humour work.

      • Proper tags (Score:5, Funny)

        by Capsaicin (412918) on Monday October 23 2006, @12:29AM (#16542448)

        Proper tags for this article may include "Diebold" "voting machines" "Maryland"

        Surely you can think of some more useful tags like "electoral fraud", "corruption," "cronyism" ...

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.